A cyberattack on JBS, the largest meat producer globally, has forced the shutdown of some of world’s largest slaughterhouses, and there are signs that the closures are spreading.
JBS’s five biggest beef plants in the U.S. — which altogether handle 22,500 cattle a day — have halted processing following a weekend attack on the company’s computer networks, according to JBS posts on Facebook, labor unions and employees. Those outages alone have wiped out nearly a fifth of America’s production. Slaughter operations across Australia were also down, according to a trade group. One of Canada’s largest beef plants was idled for a second day.
It’s unclear exactly how many plants globally have been affected by the attack as JBS has yet to release details that granular. The prospect of more extensive shutdowns around the world is already upending agricultural markets and raising concerns about food security as hackers increasingly target critical infrastructure. In the U.S., JBS accounts for about a quarter of all U.S. beef capacity and roughly a fifth of all pork capacity. Livestock futures slumped while pork prices rose.
JBS suspended its North American and Australian computer systems after an organized assault on Sunday on some of its servers, the Brazilian meat giant said Monday in an emailed statement. Without commenting on operations at its plants, JBS said the incident may delay certain transactions with customers and suppliers.
“Retailers and beef processors are coming from a long weekend and need to catch up with orders,” Steiner Consulting Group said in its Daily Livestock Report. “If they suddenly get a call saying that product may not deliver tomorrow or this week, it will create very significant challenges in keeping plants in operation and the retail case stocked up.”
The White House has offered assistance to JBS after the company notified the Biden administration on Sunday of a cyberattack from a criminal organization likely based in Russia, White House Deputy Press Secretary Karine Jean-Pierre told reporters Tuesday. Biden has directed the administration to do whatever they can to mitigate the impact on the meat supply.
Any substantial disruption in meat processing would further stoke mounting political concerns about the concentration of the meat industry and complaints that the four giant companies that control more than 80% of U.S. beef processing unfairly leverage their power over farmers and consumers.
Cattle producers were already seething over a surge in retail prices for hamburger and steaks while the prices processors pay for livestock barely budge. Congress has been examining legislation to address cattle markets and rural lawmakers recently pressed the Justice Department for action on an antitrust investigation of the beef industry launched last year.
JBS is the No. 1 beef producer in the U.S., accounting for 23% of the nation’s maximum capacity compared to rival Tyson Foods Inc.’s 22% share, according to an investor report by Tyson.
JBS closed beef processing facilities in Utah, Texas, Wisconsin and Nebraska and canceled shifts at plants in Iowa and Colorado on Tuesday, according to union officials and employees. Union Facebook posts also said some kill and fabrication shifts in the U.S. have also been canceled.
Pork and chicken facilities across the nation including one in Minnesota were also closed by the owner of Pilgrim’s Pride, the second-biggest U.S. chicken producer, according to union officials and employees. At least five of the six U.S. pork facilities were cutting back on operations Tuesday, according to Facebook posts from the plants.
“There are at least 10 plants I have knowledge of that have had operations suspended because of the cyberattack,” said Paula Schelling-Soldner, acting chairperson for the national council of locals representing food inspectors for the American Federation of Government Employees. She declined to identify the locations of the operations.
The U.S. Department of Agriculture’s midday reports for beef and pork didn’t disclose prices due to “packer submission issues.” However, the CME Group’s pork futures contract jumped by more than 3.5%.
Chicago cattle futures slumped as much as 3.4% to the lowest levels since Jan. 12, before trimming losses to about 1.1%. The potential slaughterhouse closures at JBS plants exacerbated an existing supply glut, with too many cattle than the capacity to process them.
JBS USA’s beef and pork units and Pilgrim’s Pride had net revenue of about $40 billion in 2020, according to company filings. The division includes operations in U.S., Canada, Australia, New Zealand, Mexico, Puerto Rico and Europe.
Hackers now have the commodities industry in their crosshairs with the JBS attack coming just three weeks after Colonial Pipeline Co., operator of the biggest U.S. gasoline pipeline, was targeted in a ransomware attack. It also happened as the global meat industry battles lingering COVID-19 absenteeism after recovering from mass outbreaks last year that saw plants shut and supplies disrupted.
“While JBS has not confirmed that this is a ransomware attack it has all of the hallmarks of one,” said Allan Liska, senior security architect at cybersecurity analytics firm Recorded Future, who said that there has been more than 40 publicly reported ransomware attacks against food companies since May 2020. “The actual number is probably higher.”
The assault affected the Canadian beef plant in Brooks, Alberta, about 190 kilometers (118 miles) east of Calgary, with shifts canceled on Monday and Tuesday, according to Scott Payne, spokesman for United Food and Commercial Workers Canada Union Local 401. The plant processes 30% of Canada’s federally inspected cattle, according to the Canadian Cattlemen’s Association.
JBS owns facilities in 20 countries. The U.S. accounts for half of the company’s revenue, while Australia and New Zealand represent 4% and Canada accounts for 3%, according to company fillings. JBS also has operations in South America and Europe. Brazilian plants are operating normally, a company spokesperson said Tuesday by phone.
Backup servers were not affected, and the company is working to restore systems as soon as possible, according to a statement from JBS USA Monday. The processor said it’s not aware of any customer, supplier or employee data being compromised or misused.
JBS’s shares rose 1.4% in São Paulo, compared with the 1.5% gain for Brazil’s Ibovespa benchmark index.
JBS is the largest Australian meat and food processor with a portfolio of beef, lamb, pork, and value-added branded products, according to its website. It exports to more than 50 countries and its Dinmore facility is the biggest beef plant in the southern hemisphere. On the domestic market, the Australian Meat Industry Council said there is no indication that the attack will have a major impact on red meat and pork products supply.
Still, the shutdown is a big concern for exports if it drags on, said Matt Dalgleish, manager of commodity markets insights at Thomas Elder Markets, noting Australia ships overseas about 70% to 75% of red meat products from sheep and cattle. There is a risk to worldwide supplies too.
“If it’s a short-term scenario, just a week or something that they’re offline, then it’s probably just a minimal hiccup,” said Dalgleish. But “given the size of JBS globally, if they were offline for any more than a week, then we’re going to see disruption to supply chains for sure,” he said.